We use Let’s Encrypt to issue certificates for customers, and we’ve been observing the issue that we see some incomplete certificate returned from the API time to time.
We use Ruby client (https://github.com/unixcharles/acme-client, v2.0.0), and we see this at “Downloading a certificate” step, and
order.certificate there is incomplete: https://github.com/unixcharles/acme-client#downloading-a-certificate
Usually, we see something like:
-----BEGIN CERTIFICATE----- certificate -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- chain certificate (ca_certificate) -----END CERTIFICATE-----
However, when it’s incomplete, it looks like (recent failed one’s example, happened on Jan 10):
-----BEGIN CERTIFICATE----- certificate -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- chain certificate, but cut in the middle, after line 21 (usually it has 25 line)
Usually, the second try with the same set of identifiers will go well. We noticed that this started happening Nov 2019 or so (it might have been happening before that too), and this happened 2-5 times per month so far (we issue a lot of certificates per month, so the percentage is not high). This tend to happen with the certificate with lots of identifiers (20+).
Any idea how this could be happening, or heard any similar issues before? Happy to provide more info.